Add Authorised Domain in Office 365

The authorised domains set in the local Exchange service do not get synchronised into Office 365, so they need to be added independently. Open a PowerShell window and start a session to Office 365 – you will also need to connect to the MsolService (see Connect to Exchange Online). Run the following command to add a domain –

New-MsolDomain -Name new.domain -TenantId eaab77ea-b4a5-49e3-a1e8-d6dd23a1f286 -Authentication federated

Note: The TenantId can be found in the Azure Active Directory admin centre under Properties.

Repair Federation Trust Checklist

  1. Document the existing trust settings (federated domains, federation settings)
    • Get-FederatedOrganizationIdentifier | select -ExpandProperty domains (local)
    • Get-FederationTrust | fl (local)
    • Get-OrganizationConfig | fl (local)
    • Get-OrganizationRelationship | fl (local)
    • Get-SendConnector | fl (local)
    • Get-ReceiveConnector | fl (local)
    • Get-FederatedOrganizationIdentifier | select -ExpandProperty domains (Office 365)
    • Get-AcceptedDomain | fl (Office 365)
    • Get-OutboundConnector | fl (Office 365)
    • Get-InboundConnector | fl (Office 365)
    • Get-RemoteDomain | fl (Office 365)
    • Get-OrganizationConfig | fl (Office 365)
    • Get-OrganizationRelationship | fl (Office 365)
    • Get-FederationTrust | fl (Office 365)
  2. Force remove each federated domain from the federation:

Remove-FederatedDomain -DomainName o365mail.qub.ac.uk -Force

  3. Remove the federation trust:

Remove-FederationTrust "Microsoft Federation Gateway"

  4. Wait for AD replication
  5. Create a new federation trust:

New-FederationTrust -Name "Microsoft Federation Gateway v2" -Thumbprint "E866E662B3B5C57BE72DA541978BADB6ECED6E74"

  6. Update the trust organisation information:

Get-FederationTrust | Set-FederationTrust -RefreshMetadata

  7. Add o365mail.qub.ac.uk to the federated organization identifier:

Set-FederatedOrganizationIdentifier -DelegationFederationTrust "Microsoft Federation Gateway v2" -AccountNamespace o365mail.qub.ac.uk -Enabled $true

  8. Configure the required settings in the trust (as per the documentation created in step 1).
  9. Wait for AD replication
  10. Test the certificate and trust (Test-FederationTrustCertificate, Test-FederationTrust) – it can take 12-48 hours before the trust reports as being no longer expired!
  11. Add the federated domain back into the trust (this will involve generating domain 'Proof' entries and adding them to your external DNS, then waiting for DNS propagation):

Add-FederatedDomain -DomainName o365mail.qub.ac.uk

Add-FederatedDomain -DomainName ads.qub.ac.uk

Get-AcceptedDomain -Identity o365mail.qub.ac.uk | fl

Get-RemoteDomain -Identity o365mail.qub.ac.uk | fl

Get-FederatedDomainProof -DomainName o365mail.qub.ac.uk -Thumbprint E866E662B3B5C57BE72DA541978BADB6ECED6E74

    1. Add the DnsRecord TXT string to the external facing DNS for the o365mail.qub.ac.uk domain.
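
The checklist relies on the settings documented in step 1 being available, in comparable form, when the trust is reconfigured later. The following PowerShell is an added example, not part of the original post: it saves the output of the "(local)" cmdlets from step 1 and afterwards lists every property whose value changed. The function names and the snapshot folder are assumptions; the Office 365 cmdlets from step 1 can be captured the same way from an Exchange Online session.

```powershell
# Added example (not from the original post). Run in the on-premises Exchange
# Management Shell. $SnapshotDir and both function names are assumptions.
$SnapshotDir = Join-Path $env:USERPROFILE 'FederationSnapshot'

# The "(local)" cmdlets listed in step 1 of the checklist.
$Cmdlets = 'Get-FederatedOrganizationIdentifier', 'Get-FederationTrust',
           'Get-OrganizationConfig', 'Get-OrganizationRelationship',
           'Get-SendConnector', 'Get-ReceiveConnector'

function Save-FederationSnapshot {
    param([string]$Path = $SnapshotDir)
    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    foreach ($name in $Cmdlets) {
        $objects = @(& $name)
        # CLIXML keeps property names and values for a later property-by-property diff.
        $objects | Export-Clixml -Path (Join-Path $Path "$name.xml") -Depth 3
        # Readable copy, the same view as "| fl" in the checklist.
        $objects | Format-List * | Out-File -FilePath (Join-Path $Path "$name.txt") -Width 300
    }
}

function Compare-FederationSnapshot {
    param([string]$Path = $SnapshotDir)
    foreach ($name in $Cmdlets) {
        $before = @(Import-Clixml -Path (Join-Path $Path "$name.xml"))
        $after  = @(& $name)
        # A single object is paired directly (the rebuilt trust has a new name);
        # where there are several, objects are paired on Identity.
        $single = ($before.Count -eq 1 -and $after.Count -eq 1)
        foreach ($old in $before) {
            $new = $after | Where-Object { $single -or "$($_.Identity)" -eq "$($old.Identity)" } | Select-Object -First 1
            if (-not $new) {
                [pscustomobject]@{ Cmdlet = $name; Identity = "$($old.Identity)"; Property = '(object)'; Before = 'present'; After = 'missing' }
                continue
            }
            foreach ($prop in $old.PSObject.Properties) {
                if ($prop.Name -match '^(When(Changed|Created)|RunspaceId)') { continue }  # always differ
                $was = "$($prop.Value)"            # values are compared as strings
                $now = "$($new.($prop.Name))"
                if ($was -ne $now) {
                    [pscustomobject]@{ Cmdlet = $name; Identity = "$($old.Identity)"; Property = $prop.Name; Before = $was; After = $now }
                }
            }
        }
    }
}

# Save-FederationSnapshot                                     # before removing the federated domains
# Compare-FederationSnapshot | Format-Table -AutoSize -Wrap   # after reconfiguring the trust
```

The trust name and certificate-related properties are expected to appear in the comparison output after the rebuild; anything else listed is a setting to review against the saved copy.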

Copy Contents From One Office 365 Mailbox to Another

Open PowerShell and connect to Exchange Online (see earlier post).

You can only copy the contents from the source mailbox into a folder on the target mailbox. Use the following command –

Search-Mailbox source-id -TargetMailbox target-id -LogLevel full

You will be prompted to enter a folder name. Once you have entered the name the command will run. This will probably take several minutes and a small report will be displayed at the end.

Close the session to Exchange Online.

Connect to Exchange Online

On your local computer, open Windows PowerShell and run the following command –

$UserCredential = Get-Credential

In the Windows PowerShell Credential Request dialog box, type your Office 365 user name and password, and then click OK.

Run the following command –

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Then run the command –

Import-PSSession $Session

You need to connect to the Microsoft Online Service for a number of operations. To do so, run the following command using the credentials you entered above –

Connect-MsolService -Credential $UserCredential

Once you have finished with the session, run the command –

Remove-PSSession $Session